.gitlab-ci.yml
# Hidden template for production jobs. It selects runners carrying both the
# `dagger` and `prod` tags and names the branches that the `.dagger`
# before_script passes to `git clone -b`.
.prod_template:
  tags:
    - dagger
    - prod
  variables:
    REPO_BRANCH: 'main-v2'
    HELM_BRANCH: 'main'
# Hidden template for development jobs. It selects runners carrying both the
# `dagger` and `dev` tags and names the branches that the `.dagger`
# before_script passes to `git clone -b`. No job in the visible part of this
# file extends it.
.dev_template:
  tags:
    - dagger
    - dev
  variables:
    REPO_BRANCH: 'from-live'
    HELM_BRANCH: 'dev'
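# Hidden base job. Its before_script logs in to Vault with an AppRole, reads
# repository and S3 credentials from the KV store into exported shell
# variables, and clones the application and Helm repositories into the job's
# working directory.
.dagger:
  # NOTE(review): the image is pinned by tag only, and a tag can be re-pointed
  # upstream. Pinning by digest
  # (ghcr.io/purpleclay/dagger-cli@sha256:<DIGEST-PLACEHOLDER>) would fix the
  # exact toolchain that handles every secret fetched below.
  image: ghcr.io/purpleclay/dagger-cli:0.18.10
  variables:
    MINIO: s3.waw3-2.cloudferro.com
    BUCKET: registry-eo4eu-umm-cfs-cli
    GITLAB: git.apps.eo4eu.eu
    REPO_NAMESPACE: eo4eu/eo4eu-umm/customer-facing-services
    HELM_NAMESPACE: eo4eu/eo4eu-cicd/cicd-infra
    REGISTRY: registry.apps.eo4eu.eu
    REPO: cfs-cli
    HELM: helm-repo
    SERVICE: eo4eu-umm
    CONTEXT: build
  before_script:
    # NOTE(review): only wget is installed here, yet every fetch below pipes
    # into jq; presumably the image already ships jq - confirm.
    - "apk --no-cache add wget"
    # AppRole login: VAULT_ROLE_ID, VAULT_SECRET_ID and VAULT_SERVER_URL are
    # not set in this file, so they must come from CI/CD variables.
    # NOTE(review): the resulting token is never revoked in this file; its
    # lifetime is whatever the AppRole allows - confirm it is short.
    - "export VAULT_TOKEN=$(wget -qO- --method=PUT \
        --body-data='{\"role_id\":\"'\"$VAULT_ROLE_ID\"'\",\"secret_id\":\"'\"$VAULT_SECRET_ID\"'\"}' \
        \"$VAULT_SERVER_URL/v1/auth/approle/login\" | jq -r '.auth.client_token')"
    # Stop here when the login failed. Without this guard a failed request
    # leaves VAULT_TOKEN empty (or the literal string "null" from jq) and the
    # job carries on with blank credentials until a later step breaks.
    - 'if [ -z "$VAULT_TOKEN" ] || [ "$VAULT_TOKEN" = "null" ]; then
        echo "Vault AppRole login returned no token" >&2; exit 1; fi'
    - "export BEARER=\"X-Vault-Token: $VAULT_TOKEN\""
    # NOTE(review): the values exported below are fetched at runtime, so they
    # are not declared as masked CI/CD variables; GitLab's log masking should
    # not be relied on to redact them if a later command prints them.
    # Each secret path is read twice, once for each field.
    - "export CI_REPO_USERNAME=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/eo4eu-cicd/gitlab_credentials/$SERVICE/$REPO\" | \
        jq -r '.data.data.username')"
    - "export CI_REPO_PASSWORD=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/eo4eu-cicd/gitlab_credentials/$SERVICE/$REPO\" | \
        jq -r '.data.data.password')"
    - "export CI_COOKIECUTTER_USERNAME=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/cookiecutter-repo\" | \
        jq -r '.data.data.username')"
    - "export CI_COOKIECUTTER_PASSWORD=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/cookiecutter-repo\" | \
        jq -r '.data.data.password')"
    - "export CI_HELM_USERNAME=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/$HELM\" | \
        jq -r '.data.data.username')"
    - "export CI_HELM_PASSWORD=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/$HELM\" | \
        jq -r '.data.data.password')"
    - "export S3_ACCESS_KEY=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/s3_cloudferro_creds/gitlab\" | \
        jq -r '.data.data.s3_access_key')"
    - "export S3_SECRET_KEY=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/s3_cloudferro_creds/gitlab\" | \
        jq -r '.data.data.s3_secret_key')"
    - "export CI_ESO_USERNAME=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/external-secrets-repo\" | \
        jq -r '.data.data.username')"
    - "export CI_ESO_PASSWORD=$(wget -qO- --header=\"$BEARER\" \
        \"$VAULT_SERVER_URL/v1/kv/data/gitlab_credentials/external-secrets-repo\" | \
        jq -r '.data.data.password')"
    # NOTE(review): git keeps the remote URL, including the embedded username
    # and password, in each clone's .git/config. Anything that later archives
    # or copies these directories (artifacts, cache, an image build context)
    # carries the credentials with it. The URL form is left as is because
    # later steps may depend on the stored remote; a credential helper or
    # GIT_ASKPASS would keep the secret out of the clone.
    # The arguments are quoted so that a credential containing whitespace or
    # glob characters is not split by the shell.
    - "git clone -b \"$REPO_BRANCH\" \
        \"https://$CI_REPO_USERNAME:$CI_REPO_PASSWORD@$GITLAB/$REPO_NAMESPACE/$REPO.git\""
    - "git clone -b \"$HELM_BRANCH\" \
        \"https://$CI_HELM_USERNAME:$CI_HELM_PASSWORD@$GITLAB/$HELM_NAMESPACE/$HELM.git\""
    # TAG is the commit id of the freshly cloned application repository.
    - "export TAG=$(git -C $REPO rev-parse HEAD)"
    # NOTE(review): `=()` is array syntax, not POSIX sh; these two lines
    # presumably rely on the job shell being bash - confirm.
    - "export BUILD_BLACKLISTED_IMAGES=()"
    - "export SCAN_BLACKLISTED_IMAGES=()"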
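# Production image build. The first rule admits commits on the main-v2
# branch; the trailing `when: never` rule excludes every other pipeline.
# The job inherits the Vault login and repository clones from `.dagger` and
# the prod runner tags and branch names from `.prod_template`.
build_image_prod:
  extends:
    - .dagger
    - .prod_template
  stage: build
  rules:
    - if: '$CI_COMMIT_BRANCH == "main-v2"'
    - when: never
  script:
    # The registry password is passed on stdin rather than with `-p`, so it
    # does not appear in the process argument list on the runner.
    - 'echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"'
    # NOTE(review): IMAGE_TAG is not set in the visible part of this file
    # (the inherited before_script exports TAG); presumably it is a project
    # or group CI/CD variable - confirm.
    # NOTE(review): the build context `.` is the job's working directory,
    # which by this point also holds the two repositories cloned by the
    # inherited before_script, including their .git/config files with the
    # clone credentials. Check the Dockerfile and .dockerignore so those
    # directories are not copied into the image.
    - 'docker build -t "$IMAGE_TAG" .'
    - 'docker push "$IMAGE_TAG"'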